Log4j attacks are still a major threat, warns Microsoft

Organizations should use scripts and scanning tools to assess their risk and impact

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Microsoftis warning its Windows andMicrosoft Azurecustomers that they need to remain vigilant when dealing with potential attacks exploiting theLog4Shell vulnerabilitiesin the popular Java logging framework Log4j.

At the beginning of December, the Apache Software Foundation disclosed a zero-day vulnerability, tracked asCVE-2021-44228, and four related flaws now known as Log4Shell. As numerous applications and online services useLog4jto log code written in Java, it could take years before the matter is finally resolved.

In an update to ablog postfirst published on December 11, Microsoft provided further insight on how the Log4Shell vulnerabilities are being exploited in the wild so far, saying:

“Exploitation attempts and testing have remained high during the last weeks of December. We have observed many existing attackers adding exploits of these vulnerabilities in their existing malware kits and tactics, from coin miners to hands-on-keyboard attacks. Organizations may not realize their environments may already be compromised. Microsoft recommends customers to do additional review of devices where vulnerable installations are discovered.”

Log4j dashboard and scanners

To protect themselves from any potential Log4j attacks, Microsoft recommends that its customers employ now readily available scripts andscanning toolsto assess their risk and impact.

In addition to cybercriminals, nation-state hackers that have more advanced capabilities have been observed taking advantage of the Log4Shell vulnerabilities which means we could see large-scale cyberattacks exploiting them in the future. In fact, Sonatype CTO Brian Fox said that “The combination of scope and potential impact here is unlike any previous component vulnerability I can readily recall” in a recent email toTechRadar Pro.

At the end of December, Microsoft took it upon itself to roll out aLog4j dashboardin the Microsoft 365 Defender Portal forWindows 10and 11, Windows Server andLinuxsystems to help security teams find patches for software and devices affected by Log4Shell. At the same time, both CISA and Crowdstrike released separate Log4j scanners ahead of the holidays.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

Dealing with the the Log4Shell vulnerabilities has been quite difficult for security teams which is why the UK’s NCSC recently published ablog postwarning organizations about thepotential for burnoutwhile trying to patch affected software and devices.

As Log4Shell has the potential to lead to cyberattacks and data breaches on par or greater than the2017 hack of Equifax, organizations should heed Microsoft’s advice when it comes to remaining vigilant.

We’ve also highlighted thebest endpoint protection software,best firewallandbest antivirus

ViaZDNet

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well